A remote user can craft content that issues a specially crafted HTTP request header; when the target user loads that content, the request bypasses the same-origin policy and can access information from the target user's system in the context of the target domain.

Stefano Di Paola of Minded Security reported this vulnerability.

The original advisory is available at:

http://www.mindedsecurity.com/MSA02240108.html

Impact:
A remote user can create HTML that, when loaded by the target user, will obtain information from the target user's system.